FITSP Overview

FITSP Certifications

FITSP is separated into four certification roles:

FITSP-Manager (FITSP-M)

FITSP-Designer (FITSP-D)

FITSP-Operator (FITSP-O)

FITSP-Auditor (FITSP-A)

These functional roles are complementary to and consistent with those
identified in NIST SP 800-16 Draft 1 (from March 2009) - Information Security Training
Requirements: A Role and Performance Based Model.

There are a number of IT security certifications on the market
today. However, most of these are generalist certifications that
promote “international best practices” and methodologies common to
all types of organizations. The FITSP certification program is
different in that it helps validate the skills and knowledge of
Federal employees and contractors against Federal standards and
practices.

The FITSP certification addresses an important and needed role in
validating the skills of IT security professionals against NIST
standards and documentation. It is really the intersection of IT
security skills, the NIST framework, and independent
third-party validation of candidates to help increase
the knowledge pool of Federal workers and contractors. The FITSP
certification is positioned to help protect the nation’s critical
infrastructure and, by default, the information that its people and
citizens expect to have protected.

Certification Roles

When a candidate pursues the FITSP certification he or she
selects from four roles. This means there are four different
exams and a candidate can pursue one or all four roles to
demonstrate competency in any of these areas. While the exams
deal with the same domains, each role is tested on a different set
of publications, themes, and topical areas that are relevant to each
respective job role. These roles are:

Manager - The Manager role is designed for candidates who
act in an oversight capacity with regard to IT security.
Candidates for this are usually CISOs, ISMs, IAMs, etc. A
candidate would earn a FITSP-Manager (FITSP-M) credential in this area.

Designer - The Designer role is designed for candidates
who are tasked with designing and developing a system within an organization.
These are usually system designers and developers, ISSEs, and other engineers.
A candidate would earn a FITSP-Designer (FITSP-D) credential in this area.

Operator - The Operator role is designed for candidates
who implement and operate an information system within
an organization. These are usually the system and application
administrators, system owners, ISSOs, DBAs and other personnel who manage and maintain the
system. A candidate would earn a FITSP-Operator (FITSP-O) credential in this area.

Auditor - The Auditor role is designed for candidates who
review and audit the IT system. These are usually IT auditors
that are found within the Inspector General community as well as public accounting
companies. A candidate would earn a FITSP-Auditor (FITSP-A) credential in this area.

These functional roles are complementary to and consistent with those
identified in NIST SP 800-16 Draft 1 (from March 2009) - Information Security Training
Requirements: A Role and Performance Based Model.